Computer Science · 9th Grade

Active learning ideas

The Internet of Things (IoT)

Active learning works because the Internet of Things is a tangible concept hiding in plain sight. For 9th graders who use smart devices daily but rarely consider how they function, hands-on activities make the abstract concrete. When students design, analyze, and debate real-world IoT scenarios, they move from passive consumers to informed users.

Common Core State StandardsCSTA: 3A-NI-05CSTA: 3A-IC-24
25–45 minPairs → Whole Class4 activities

Activity 01

Role Play45 min · Small Groups

Role Play: IoT Device Design Council

Groups of four take assigned roles (engineer, consumer advocate, security researcher, business owner) and collaborate to design an IoT product for a school campus. Each stakeholder argues for their priorities during a simulated pitch session, and the class evaluates which tradeoffs were resolved well.

Explain the fundamental principles and applications of the Internet of Things.

Facilitation TipDuring Role Play: IoT Device Design Council, provide each group with a role card and a sample device (e.g., smart doorbell) to ground their discussion in real-world constraints.

What to look forOn an index card, have students list two IoT devices they encounter daily. For each device, ask them to identify the sensor and the actuator, and one potential privacy concern.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 02

Think-Pair-Share25 min · Pairs

Think-Pair-Share: Device Risk Assessment

Students receive a list of 10 IoT devices (baby monitor, smart lock, insulin pump, connected streetlight) and individually rate each for privacy risk on a 1-5 scale with a one-sentence justification. Pairs compare ratings and resolve disagreements before sharing with the class.

Analyze the privacy and security implications of widespread IoT adoption.

Facilitation TipIn Think-Pair-Share: Device Risk Assessment, give students a short time limit (2–3 minutes) to list risks independently before pairing to refine their ideas.

What to look forPose the question: 'If a smart home security camera records footage of a visitor without their explicit consent, what ethical and legal issues arise?' Facilitate a brief class discussion, guiding students to consider data ownership and consent.

UnderstandApplyAnalyzeSelf-AwarenessRelationship Skills
Generate Complete Lesson

Activity 03

Gallery Walk30 min · Small Groups

Gallery Walk: IoT in Industries

Post six industry case studies (healthcare, agriculture, manufacturing, transportation, retail, smart cities) around the room. Students annotate what data is collected, who benefits, and what could go wrong if the system were compromised or misused.

Predict how IoT will transform various industries in the future.

Facilitation TipFor Gallery Walk: IoT in Industries, place printed case studies at eye level and mark a 3-minute rotation so students absorb details without rushing.

What to look forPresent students with a diagram of a simple IoT system (e.g., a smart thermostat). Ask them to label the sensor, the actuator, the gateway, and the cloud component, and briefly describe the role of each in controlling the temperature.

UnderstandApplyAnalyzeCreateRelationship SkillsSocial Awareness
Generate Complete Lesson

Activity 04

Case Study Analysis35 min · Pairs

Case Study Analysis: The Mirai Botnet

Students read a structured summary of the 2016 Mirai attack, where compromised IoT devices took down major websites. Working in pairs, they identify the security failures that made the attack possible and propose three design changes that could have prevented or limited the damage.

Explain the fundamental principles and applications of the Internet of Things.

Facilitation TipIn Case Study Analysis: The Mirai Botnet, assign roles (e.g., journalist, security expert) to ensure every student participates in the discussion.

What to look forOn an index card, have students list two IoT devices they encounter daily. For each device, ask them to identify the sensor and the actuator, and one potential privacy concern.

AnalyzeEvaluateCreateDecision-MakingSelf-Management
Generate Complete Lesson

A few notes on teaching this unit

Teachers approach this topic by grounding abstract concepts in devices students recognize, then gradually revealing hidden data flows and risks. Avoid starting with definitions; instead, begin with devices students use daily. Research shows that when students analyze real cases, they retain network security concepts better than through lectures alone. Encourage debate to surface misconceptions early so you can address them directly.

Successful learning looks like students explaining how IoT devices collect and use data, identifying security risks in specific devices, and discussing ethical implications with evidence. They should connect their own experiences to larger systems and demonstrate an understanding of shared responsibility for privacy and safety.

Watch Out for These Misconceptions

  • During Role Play: IoT Device Design Council, watch for students calling devices 'smarter versions' of appliances. Redirect by asking them to trace one piece of data the device collects and where it goes.

    Use the Council’s product briefs to push students to name the sensor (e.g., motion detector) and the data flow (e.g., to a cloud server). Ask, 'What happens to that motion data after it leaves the device?' to make the network visible.

  • During Think-Pair-Share: Device Risk Assessment, watch for students assuming cameras and microphones are the only sensors collecting data. Redirect by having them examine the device’s full sensor list provided in the activity.

    During the Pair phase, give students a checklist of common sensors (accelerometer, GPS, ambient light) and ask them to mark which ones are present in their assigned device. This makes invisible sensors visible.

  • During Case Study Analysis: The Mirai Botnet, watch for students blaming manufacturers alone for security failures. Redirect by asking them to identify user actions (like not changing default passwords) that contributed to the attack.

    Have groups list both manufacturer responsibilities (e.g., secure coding) and user responsibilities (e.g., firmware updates) on a T-chart during the analysis. Discuss how both sides share accountability.

Methods used in this brief

More in The Architecture of the Internet

Internet Infrastructure and IP Addressing

Students will understand how IP addresses and routers manage the flow of packets across a decentralized network.

2 methodologies

Network Protocols and Communication

Students will investigate the necessity of standardized protocols for global communication.

2 methodologies

Physical Limitations of Data Transmission

Students will explore the physical limitations of sending data across the world at high speeds.

2 methodologies

Symmetric and Asymmetric Encryption

Students will investigate methods for protecting data integrity and privacy through encryption.

2 methodologies

Cybersecurity Threats and Defenses

Students will identify common cybersecurity threats and explore various defense mechanisms.

2 methodologies